Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

SSL for basic contact form

  • 06-11-2015 9:37pm
    #1
    Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭


    I'm curious as to peoples thoughts on the use of SSL for Contact Forms. Usually I would use them where credit card information is being passed but I wonder for data protection is it wise if peoples contact numbers and addresses are being passed?


Comments

  • Registered Users, Registered Users 2 Posts: 10,905 ✭✭✭✭28064212


    Depends on the value and confidentiality of the contactees e.g. a website for victims of domestic abuse would very much be expected to protect any information submitted as much as possible. The local coffee shop with a feedback form, not so much.

    However, SSL is pretty easy to set up, and with Lets Encrypt coming down the line pretty soon, it's about to get even easier. It's rapidly going to become the default for a lot of websites, and there's no real downside to it

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Registered Users, Registered Users 2 Posts: 11,989 ✭✭✭✭Giblet


    If you are passing cookies, you should use SSL everywhere, even if the cookies are https only, not just for pages where you post info.


  • Registered Users, Registered Users 2 Posts: 6,289 ✭✭✭Talisman


    You can get a free SSL certificate from StartSSL.com so it's worth having the additional security. Their website looks like it was thrown together in the 1990s but the certificates work.

    Let's Encrypt should be publicly launching their service next couple of weeks unless it has been postponed again but there hasn't been any announcement.


  • Registered Users, Registered Users 2 Posts: 1,179 ✭✭✭salamanca22


    Why not? You can get them super cheap / free nowadays and it gives visitors a sense of safety when they see that the page is being served over https. If your site is behind cloudflare then you can turn on and off ssl quite easily and for free.


  • Registered Users, Registered Users 2 Posts: 1,717 ✭✭✭Raging_Ninja


    Just use SSL on the entire domain by default - it doesn't cost you any more than picking and choosing pages where you want it implenented.


  • Advertisement
  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    SSL is cheap enough, but I had wondered have peoples attitudes changed as we head towards a more 'data protected' future than we had before. I have them on basic contact forms because they look for addresses and contact numbers for making a reservation for accommodation. No Credit Card information is passed. Seems that people are in broad agreement to keep SSL for these type of forms (by the small sample here).


  • Registered Users, Registered Users 2 Posts: 1,275 ✭✭✭bpmurray


    You'll notice that many companies now use ssl on every page, including static content, so you might as well do that if you have the cert.


  • Moderators, Society & Culture Moderators Posts: 17,643 Mod ✭✭✭✭Graham


    Sully wrote: »
    Seems that people are in broad agreement to keep SSL for these type of forms (by the small sample here).

    That's not what I've taken from this thread. The consensus appears to be why wouldn't you use SSL for your entire site.

    To add Googles thoughts on the subject:

    HTTPS as a ranking signal

    over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS.


  • Moderators, Sports Moderators, Regional Abroad Moderators Posts: 2,666 Mod ✭✭✭✭TrueDub


    Interesting article on The Register about a new encryption effort called letsencrypt.

    Thinking of trying this out with an old domain I have lying around, just to see how it works.


  • Registered Users, Registered Users 2 Posts: 23,212 ✭✭✭✭Tom Dunne


    TrueDub wrote: »
    Interesting article on The Register about a new encryption effort called letsencrypt.

    Thinking of trying this out with an old domain I have lying around, just to see how it works.

    That's a fantastic initiative.

    In the college where I work, we did a bit on self-signing certificates, but the students generally didn't get it and the college wouldn't pay for certs.

    I might try this with a few projects after Christmas.


  • Advertisement
  • Moderators, Sports Moderators, Regional Abroad Moderators Posts: 2,666 Mod ✭✭✭✭TrueDub


    Tom Dunne wrote: »
    That's a fantastic initiative.

    In the college where I work, we did a bit on self-signing certificates, but the students generally didn't get it and the college wouldn't pay for certs.

    I might try this with a few projects after Christmas.

    Please let us know how it goes, it's a really interesting approach to security. and I'd love to find out if it's as easy as it claims to be.


Advertisement